[ubuntu/precise-security] xerces-c 3.1.1-1+deb6u2build0.12.04.1 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Mon Feb 29 23:52:29 UTC 2016
xerces-c (3.1.1-1+deb6u2build0.12.04.1) precise-security; urgency=medium
* fake sync from Debian
xerces-c (3.1.1-1+deb6u2) squeeze-lts; urgency=high
* Non-maintainer upload by the Squeeze LTS Team.
* Add CVE-2016-0729.patch patch.
Apache Xerces-C XML Parser Crashes on Malformed Input
The Xerces-C XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overlows during processing
and error reporting. The overflows can manifest as a segmentation
fault or as memory corruption during a parse operation. The bugs
allow for a denial of service attack in many applications by an
unauthenticated attacker, and could conceivably result in remote
code execution.
Date: 2016-02-29 22:58:17.873598+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/xerces-c/3.1.1-1+deb6u2build0.12.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list